Mozilla Foundation Security Advisory 2007-33

XUL pages can hide the window titlebar

Announced

October 18, 2007

Reporter

Eli Friedman

Impact

Low

Products

Firefox, SeaMonkey

Fixed in

Firefox 2.0.0.8

SeaMonkey 1.1.5

Description

Mozilla developer Eli Friedman discovered that web pages
written in the XUL markup language (rather than the usual HTML) can hide
their window's titlebar. It may have been possible to abuse this ablity
to create more convincing spoof and phishing pages.